cranelift: Fuzz IshlI64 libcall

Author: afonso360

Cargo.lock

@@ -833,12 +833,11 @@ where
                 let signature = self.generate_signature()?;
                 (name, signature)
             } else {
-                // Use udivi64 as an example of a libcall function.
-                let mut signature = Signature::new(CallConv::Fast);
-                signature.params.push(AbiParam::new(I64));
-                signature.params.push(AbiParam::new(I64));
-                signature.returns.push(AbiParam::new(I64));
-                (ExternalName::LibCall(LibCall::UdivI64), signature)
+                // Use ishli64 as an example of a libcall function.
+                // TODO: Expand this to more libcall's
+                let libcall = LibCall::IshlI64;
+                let signature = libcall.signature(CallConv::Fast);
+                (ExternalName::LibCall(libcall), signature)
             };
 
             let sig_ref = builder.import_signature(sig.clone());

cranelift/fuzzgen/src/function_generator.rs

@@ -19,6 +19,7 @@ cranelift-interpreter = { path = "../cranelift/interpreter" }
 cranelift-fuzzgen = { path = "../cranelift/fuzzgen" }
 libfuzzer-sys = "0.4.0"
 target-lexicon = "0.12"
+smallvec = "1.6.1"
 wasmtime = { path = "../crates/wasmtime" }
 wasmtime-fuzzing = { path = "../crates/fuzzing" }
 component-test-util = { path = "../crates/misc/component-test-util" }

fuzz/Cargo.toml

@@ -3,6 +3,7 @@
 use libfuzzer_sys::fuzz_target;
 
 use cranelift_codegen::data_value::DataValue;
+use cranelift_codegen::ir::LibCall;
 use cranelift_codegen::settings;
 use cranelift_codegen::settings::Configurable;
 use cranelift_filetests::function_runner::{CompiledFunction, SingleFunctionCompiler};
@@ -12,6 +13,8 @@ use cranelift_interpreter::environment::FunctionStore;
 use cranelift_interpreter::interpreter::{Interpreter, InterpreterError, InterpreterState};
 use cranelift_interpreter::step::ControlFlow;
 use cranelift_interpreter::step::CraneliftTrap;
+use smallvec::smallvec;
+use std::ops::Shl;
 
 const INTERPRETER_FUEL: u64 = 4096;
 
@@ -56,7 +59,13 @@ fuzz_target!(|testcase: TestCase| {
         let mut env = FunctionStore::default();
         env.add(testcase.func.name.to_string(), &testcase.func);
 
-        let state = InterpreterState::default().with_function_store(env);
+        let state = InterpreterState::default()
+            .with_function_store(env)
+            .with_libcall(LibCall::IshlI64, &|args| match &args[..] {
+                [DataValue::I64(_), DataValue::I64(b)] if *b >= 63 => smallvec![DataValue::I64(0)],
+                [DataValue::I64(a), DataValue::I64(b)] => smallvec![DataValue::I64(a.shl(b))],
+                _ => unreachable!(),
+            });
         let interpreter = Interpreter::new(state).with_fuel(Some(INTERPRETER_FUEL));
         interpreter
     };